Remove effective roles filtering to avoid inconsistency (#28099)

* Changed effective roles filtering method Signed-off-by: Andreas Blaettlinger <bln1imb@bosch.com> * Adjusted remaining endpoints Signed-off-by: Andreas Blaettlinger <bln1imb@bosch.com> --------- Signed-off-by: Andreas Blaettlinger <bln1imb@bosch.com>
2024-07-08 14:56:55 +02:00 · 2024-07-08 14:56:55 +02:00 · f4178bfa26
commit f4178bfa26
parent a918eb1e30
1 changed files with 5 additions and 7 deletions
--- a/rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/EffectiveRoleMappingResource.java
+++ b/rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/EffectiveRoleMappingResource.java
@ -60,7 +60,7 @@ public class EffectiveRoleMappingResource extends RoleMappingResource {
        this.auth.clients().requireView(clientScope);
        return toSortedClientRoles(
                addSubClientRoles(clientScope.getScopeMappingsStream())
-                .filter(auth.roles()::canMapClientScope));
+        );
    }
    @GET
@ -90,7 +90,7 @@ public class EffectiveRoleMappingResource extends RoleMappingResource {
        auth.clients().requireView(client);
        return toSortedClientRoles(
                addSubClientRoles(client.getScopeMappingsStream())
-                .filter(auth.roles()::canMapRole));
+        );
    }
    @GET
@ -120,7 +120,7 @@ public class EffectiveRoleMappingResource extends RoleMappingResource {
        auth.groups().requireView(group);
        return toSortedClientRoles(
                addSubClientRoles(addParents(group).flatMap(GroupModel::getRoleMappingsStream))
-                .filter(auth.roles()::canMapRole));
+        );
    }
    @GET
@ -154,7 +154,7 @@ public class EffectiveRoleMappingResource extends RoleMappingResource {
                user.getGroupsStream()
                        .flatMap(g -> addParents(g))
                        .flatMap(GroupModel::getRoleMappingsStream)))
-                .filter(auth.roles()::canMapRole));
+        );
    }
    @GET
@ -179,9 +179,7 @@ public class EffectiveRoleMappingResource extends RoleMappingResource {
        auth.roles().requireList(realm);
        final RoleModel defaultRole = this.realm.getDefaultRole();
        //this definitely does not return what the descriptions says
-        return toSortedClientRoles(
+        return toSortedClientRoles(addSubClientRoles(Stream.of(defaultRole)));
                addSubClientRoles(Stream.of(defaultRole))
                .filter(auth.roles()::canMapRole));
    }
    private Stream<RoleModel> addSubClientRoles(Stream<RoleModel> roles) {